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CLAIMS 

1. A method of authenticating a data processing 
terminal (140; 115a) of a user ( USERa ; USERb ) for granting the 

5 data processing terminal access to selected services 
provided by a data processing system (100,105) , the user 
being provided with an authenticatable mobile communication 
terminal (150) adapted to be used in a mobile communication 
network (155), the method comprising: 

ID performing a first, SIM-based authentication of the 

user's data processing terminal in the data processing 
system at an authentication data processing server, said 
performing the SIM-based authentication comprising 
operatively associating with the user's -data processing 

15 terminal a first Subscriber Identity Module (SIMa) issued to 
the data processing terminal user; 

having the user's mobile communication terminal 
authenticated in the mobile communication network; and 

conditioning the authentication of the user's data 

ED processing terminal in the data processing system to a 
second authentication, said second authentication being 
based on identification information provided to the user at 
the mobile communication terminal through the mobile 
communication network. 

25 

2. The method according to claim 1, in which said 
second authentication comprises : 

generating a first password at the authentication data 

» 

processing server; 
30 sending the first password to the mobile communication 
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terminal over the mobile communication network; and 

checking a correspondence between the first password 
and a second password, depending on the first password, 
entered at the data processing terminal and provided to the 
5 authentication data processing server through the data 
processing system. 

3. The method according to claim. 2, comprising having 
the user entering the second password through the data 

ID processing terminal. 

4. The method according to claim 2, in which the 
second password is entered automatically upon receipt of the 
first password at ;the user's mobile communication terminal. 

5. The method according to claim 2, 3 .or 4, in which 
said first password is usable a limited number of times, 
particularly one time only. 

6. The method according to any one of claims 1 to 5, 
comprising issuing to the user a second Subscriber Identity 
Module (SIMb), adapted to be used in the user's mobile 
communication terminal for authentication thereof in the 
mobile communication network. 

7. The method according to claim 6, in which the 
second Subscriber Identity Module has a fixed, one-to-one 

♦ 

relationship with the first Subscriber Identity Module. 

30 8. The method according to claim 6, in which the first 
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Subscriber Identity Module is associated with an identifier 
of the second Subscriber Identity Module, particularly a 
mobile communication terminal number. 

5 9. The method according to any one of the preceding 

claims, in which said identification information is sent to 
the user' s mobile communication terminal by way of a Short 
Message Service (SMS) message. 

ID 10. The method according to any one of the preceding 

claims, in which said first Subscriber Identity Module is of 
a type adopted in mobile communication networks for 
authenticating mobile communication terminals 

IS 11. The method according to claim 10, in which said 

performing the first, SIM-based authentication of the data 
processing terminal comprises having the first Subscriber 
Identity Module authenticated by an authentication server 
(200) of the data processing system, the authentication 

20 server acting substantially as an authentication center 
(215) of a mobile communication network operator (160). 

12. A method by which a data processing terminal (140) 
in a data processing system is authenticated in order to be 
SS granted access to selected services provided by the data 
processing system (100,105), the method comprising: 

interacting (417,419,429,431,433) with a first user's 
Subscriber Identity Module (SIMa) operatively associated 
with the data processing terminal, and with an 
3D authentication data processing server in the data processing 

3b 



WO 2005/045649 



PCT/EP2003/050807 



system, for performing a SIM-based authentication of the 
user's data processing terminal; 

acquiring (455) personal identification information 
provided to the user at a user's mobile communication 
terminal authenticated through a mobile communication 
network (155) , and 

sending (457) said personal identification information 
to the authentication data processing server for completing 
the authentication of the data processing terminal. 

13. The method of claim 12, in which the first 
Subscriber Identity Module is of a type adopted in mobile 
communication networks for authenticating mobile 
communication terminals. 

14. The method of claim 13, further comprising: 
retrieving (417) SIM identification data from the 

first Subscriber Identity Module (SIMa); 

communicating the retrieved SIM identification data to 
the authentication server, the authentication server acting 
substantially as an authentication center (215) of a mobile 
communication network operator (160) ; 

receiving from the authentication server SIM 
authentication data corresponding to the SIM identification 
data, and passing the SIM identification data to the first 
Subscriber Identity Module; and 

communicating to the authentication server a response 

■ 

generated by the first Subscriber Identity Module. 

15. A computer program directly loadable into a 
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working memory of a data processing terminal for performing, 
when executed, the method according to any one of claims 12 
to 14. 

16. A method by which an authentication data 
processing server (165) authenticates a user's data 
processing terminal (140) in a data processing system (100) 
in order to grant the data processing terminal access to 
selected services provided by the data processing system 
(100,105), the method comprising: 

receiving (413) a request of authentication of ^the 
data processing terminal, the data processing terminal 
having operatively associated therewith a first Subscriber 
Identity Module (SIMa) ; 

performing a SIM-based authentication of the data 
processing terminal based on data associated with the first 
Subscriber Identity Module; 

providing (447,449,451) the user with first personal 
identification information by exploiting a user's mobile 
communication terminal (150) authenticated in a mobile 
communication network (155), and 

conditioning (459,461,463) the authentication of the 
user's data processing terminal to a prescribed 
correspondence between the first personal identification 
information provided to the user and second personal 
identification information received from the user's data 
processing terminal in reply to the provision of the first 
personal identification information . 

17. The method according to claim 16, in which the 
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first Subscriber Identity Module is of a type adopted in 
mobile communication networks for authenticating mobile 
communication terminals, the authentication data processing 
server acting (415,421,427,435,437,439) substantially as an 
authentication center (215) of a mobile communication 
network operator (160) . 

18. The method according to claim 17 , further 
comprising : 

generating at the authentication data processing 
server a first password and sending the first password over 
the mobile communication network to the user's mobile 
communication terminal; and 

conditioning the authentication of the data processing 
terminal in the data processing system to a prescribed 
correspondence between the first password and a second 
password, depending on the first password, entered at the 
data processing terminal and provided to the authentication 
data processing server through the data processing system. 

19. A computer program directly loadable into a 
working memory of an authentication data processing system 
(165) for performing, when executed, the method according to 
any one of claims 16 to 18. 

20. A computer program comprising the computer 
programs of claims 15 and 19. 

21. A computer program product comprising a computer 
readable medium on which the computer program of any one of 
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claims 15 , 19 and 20 is stored, 

22. In a data processing system, a system for 
authenticating a data processing terminal (140; 115a) of a 

5 user ( USERa ; USERb ) so as to grant the data processing 
terminal access to selected services provided by the data 
processing system (105) , the user having an authenticatabl-e 
mobile communication terminal (150) adapted to be used in a 
mobile communication network (155), the system comprising: 

ID a first Subscriber Identity Module (SIMa) operatively 

associatable (145) with the data processing terminal; and 
an authentication data processing server (165) adapted 
(200,210,215) to carry out a first authentication step based 
on the first Subscriber Identity Module; 

15 the authentication data processing server being 

further adapted (230-245) to carry oat a second 
authentication process based on identification — information 
provided to the user at the mobile communication terminal 
through the mobile communication network, 

ED 

23. The system according to claim 22, in which the 
first Subscriber Identity Module is of a type adopted in 
mobile communication networks for authenticating mobile 
communication terminals, 

55 

24. The system according to claim 23, comprising a 
second Subscriber Identity Module (SIMb) , to be used in the 
mobile communication terminal for authenticating the mobile 
communication terminal in a mobile communication network 

3D (155) . 
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25. The system according to claim 24, in which the 
second Subscriber Identity Module is in a fixed, one-to-one 
relationship with the first Subscriber Identity Module. 

5 

26. The system according to claim 24 , in which the 
second Subscriber Identity Module is associated with an 
identifier of the second Subscriber Identity Module, 
particularly a mobile communication terminal number. 

10 

27. The system of any one of claims 22 to 26, in which 
said first Subscriber Identity Module is associated with a 
device (145) connectable to the computer through a computer 

* 

peripheral connection port. 

15 

* 

28. The system of any one of claims 22 to 27, in which 
said mobile communication network is one among a GSM> a 
GPRS, a UMTS network. 

HO 29. An authentication kit for authenticating a user's 

data processing terminal (140,115a) in a data processing 
system (100) in order to grant the data processing terminal 
access to selected services provided by the data processing 
system (100,105), the kit comprising: 

25 a first Subscriber Identity Module <SIMa) ; 

a computer peripheral device (145) having associated 
therewith the first Subscriber Identity Module and 
operatively associatable with the user's data processing 
terminal; 

• 30 a second Subscriber Identity Module (SIMb) operatively 

m 



WO 2005/045649 



PCT/EP2003/050807 



associatable to a user's mobile communication .terminal (150) 

» * 

# 

for allowing connection thereof to a mobile communication 
network (155) . 

5 30. The authentication kit according to claim 29, in 

which- the first Subscriber Identity Module is of a type 
adopted in mobile communication networks for authenticating 
mobile communication terminals. 

3d 

10 32\ The authentication kit according to claim 29 or- 

30, further comprising the computer program product of claim 
21. 
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